Simultaneos-Use in login for same mac-address

Ivan Kalik tnt at kalik.net
Fri Jun 6 18:29:45 CEST 2008 

Your NAS is rubbish. It sent stop packet for the first session.
Freeradius didn't "close" this session - Mikrotik did.

Ivan Kalik
Kalik Informatika ISP


Dana 6/6/2008, "Jean Carlos Oliveira Guandalini"
<jeanguandalini at visaonet.com.br> piše:

>Ivan Kalik escreveu:
>> No. There is no simultaneous login here:
>>
>> session1:
>>
>> start: 11:08:45
>> stop: 11:08:46
>>
>> session2:
>>
>> start: 11:08:49
>>   
>
>but the session1 not ended, it closed at freeradius when the second 
>session trying to connect. In my "NAS(Mikrotik)" there are two 
>connections, with different ip address.
>
>Thanks
>
>> Ivan Kalik
>> Kalik Informatika ISP
>>
>>
>> Dana 6/6/2008, "Jean Carlos Oliveira Guandalini"
>> <jeanguandalini at visaonet.com.br> piše:
>>
>>   
>>> Hello,
>>>
>>> we have a problem of mac-address clone, and we use the Simultaneous-Use: 
>>> = 1 option to not allow double login, but when this is a case of the 
>>> clone mac-address the freeradius allows the connection.
>>>
>>> Log of sql.trace:
>>> INSERT into radpostauth (id, user, pass, reply, date) values ('', 
>>> 'userlogin', '290476', 'Access-Accept', NOW());
>>> INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, 
>>> NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, 
>>> AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, 
>>> AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, 
>>> AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, 
>>> AcctStartDelay, AcctStopDelay) values('81b00935', 'bcc93b20ea389f59', 
>>> 'userlogin', '', '10.0.6.10', '2447', 'Ethernet', '2008-06-06 11:08:45', 
>>> '0', '0', 'RADIUS', '', '', '0', '0', 'INTERNET', '00:4F:62:0A:1F:BF', 
>>> '', 'Framed-User', 'PPP', '111.111.111.111', '0', '0');
>>> UPDATE radacct SET AcctStopTime = '2008-06-06 11:08:46', AcctSessionTime 
>>> = '0', AcctInputOctets = '0', AcctOutputOctets = '0', AcctTerminateCause 
>>> = '', AcctStopDelay = '0', ConnectInfo_stop = '' WHERE AcctSessionId = 
>>> '81b00935' AND UserName = 'userlogin' AND NASIPAddress = '10.0.6.10';
>>> INSERT into radpostauth (id, user, pass, reply, date) values ('', 
>>> 'userlogin', '290476', 'Access-Accept', NOW());
>>> INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, 
>>> NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, 
>>> AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, 
>>> AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, 
>>> AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, 
>>> AcctStartDelay, AcctStopDelay) values('81b00936', '3f7c1d06dbd205d4', 
>>> 'userlogin', '', '10.0.6.10', '2448', 'Ethernet', '2008-06-06 11:08:49', 
>>> '0', '0', 'RADIUS', '', '', '0', '0', 'INTERNET', '00:4F:62:0A:1F:BF', 
>>> '', 'Framed-User', 'PPP', '111.111.111.111', '0', '0');
>>>
>>>
>>> Queries in sql.conf:
>>> simul_count_query = "SELECT COUNT(*) FROM ${acct_table1} WHERE 
>>> UserName='%{SQL-User-Name}' AND AcctStopTime = 0"
>>> simul_verify_query = "SELECT RadAcctId, AcctSessionId, UserName, 
>>> NASIPAddress, NASPortId, FramedIPAddress, CallingStationId, 
>>> FramedProtocol FROM ${acct_table1} WHERE UserName='%{SQL-User-Name}' AND 
>>> AcctStopTime = 0"
>>>
>>>
>>> despite the mac-address to match are two different users, and the second 
>>> to connect without first disconnecting was before.
>>> Is there any possibliidade to block it?
>>>
>>>
>>> Thanks
>>>
>>> Sorry for my english (By Google Tradutor)
>>>
>>> -- 
>>> Jean Carlos Oliveira Guandalini
>>> Dep. de Redes e Infra-estrutura
>>> VisăoNet Tecnologia e Telecomunicaçőes
>>> 0800-643-5025
>>>
>>> -
>>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/usershtml
>>>
>>>
>>>     
>>
>> -
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>>
>>
>>   
>
>
>-- 
>Jean Carlos Oliveira Guandalini
>Dep. de Redes e Infra-estrutura
>Visa~oNet Tecnologia e Telecomunicaço~es
>0800-643-5025
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>

More information about the Freeradius-Users mailing list